Computer Science 101 Cryptography Part II. Modern Cryptography Enigma was last mechanical crypto...

Computer Science 101

CryptographyPart II

Modern Cryptography

• Enigma was last mechanical crypto device in widespread use

• All modern crypto is done with digital electronics (i.e., computers)

• Main applications– Military communication

– Banking transactions

– “Illicit” activity (terrorism, drugs, porn, file-sharing)

Symmetric vs. Asymmetric Crypto

• Symmetric : Single key for both encryption and decryption (what we've seen thus far)– Both Alice and Bob must have the key– Best-known example: DES

• Asymmetric : One key encryption, another for decryption– Bob publishes his public encryption key (Alice &

Eve can both see it), hides his private decryption key

– Best known examples: RSA

Symmetric Crypto

• Block Cipher: Break digital message into small blocks (chunks) for encoding/transmission

• E.g., using ASCII (8 bits per letter), 64-bit block can encode 8 characters

• Basic idea: mix up (convolve, blend) block with key so much that each bit is “smeared” over whole block – like making dough from eggs, flower, water.

• Then Eve has to extract eggs from dough!

Block Ciphers

• Plaintext is divided into blocks

• Blocks are operated on to produce blocks in the ciphertext.

• This obscures the letter structure of the plaintext

• Each character of block contributes to all characters of the encrypted block.

Block Cipher - Example

• Matrix multiplication:– To obtain element in row I, column J, we

multiply elements from row I of first matrix with corresponding elements of column J of second matrix and add up these products:

4 23 5

6 33 6

30 2433 39

Block Cipher – Example (Cont.)• Matrix multiplication:

• For this example, we now would reduce the numbers modulo 26

4 23 5

6 33 6

30 2433 39

4 247 13

30 2433 39

Block Cipher – Example (Cont.)

• Now each character is given a numerical value.– For simplicity, let’s use position in alphabet A is 1, etc.

– Each letter in plaintext is replaced by numerical value

– Message “GENERALS” becomes 7 5 14 5 18 1 12 19

• Again for simplicity, let’s use block size of 2– Message looks like 7 5 14 5 18 1 12 19

Block Cipher – Example (Cont.)

• For block size of 2, we would encrypt using some 2 by 2 matrix, block size n uses n by n matrix.

• We need an invertible matrix. Matrix A is invertible if there’s another matrix B so that multiplying A by B yields matrix with 1’s on diagonal and 0’s elsewhere.

3 52 3

-3 5 2 -3

1 0 0 1

Block Cipher – Example (Cont.)• So, we choose our invertible matrix.• To encrypt the message, we multiply each block times the encryption matrix to obtain encrypted block:

– Message: 7 5 14 5 18 1 12 19

– Becomes: 5 24 0 7 4 15 22 13 or EXZGOVM from GENERALS

31 503 52 3

7 5 5 24

52 853 52 3

14 5 0 7

56 933 52 3

18 1 4 15

74 1173 52 3

12 19 22 13

Block Cipher – Example (Cont.)• To decrypt, we reverse the process, using the inverse of the encryption matrix

– Ciphertext EXZGOVM becomes: 5 24 0 7 4 15 22 13

– Or GENERALS 33 -47-3 5 2 -3

5 24 7 5

14 -21-3 5 2 -3

0 7 14 5

18 -25-3 5 2 -3

4 15 18 1

-40 71-3 5 2 -3

22 13 12 19

Invitation to Computer Science, Java Version, Third Edition 12

DES

• Stands for Data Encryption Standard

• Designed to protect electronic information

• A block cipher

• Blocks: 64 bits long

• Key: 64-bit binary key (only 56 bits are used)

Invitation to Computer Science, Java Version, Third Edition 13

DES (continued)

• Every substitution, reduction, expansion, and permutation is determined by a well-known set of tables

• The same algorithm serves as the decryption algorithm

Invitation to Computer Science, Java Version, Third Edition

14

Figure 13.11The DES Encryption Algorithm


15

DES (continued)

• Triple DES

– Improves the security of DES

– Requires two 56-bit keys

– Runs the DES algorithm three times

• AES (Advanced Encryption Standard)

– Uses successive rounds of computations that mix up the data and the key

– Key length: 128, 192, or 256 bits

DES: Trust Us, We're the Government• Data Encryption Standard : IBM (NSA?) block

cipher

• 64-bit blocks

• 56 bit keys (64 bits, minus 8 for parity)

• 16 rounds

• Hard to defeat using correlational techniques (c.f. Enigma)

• Brute force : 256 = 72,057,600,000,000,000

possible keys to try

• So we're safe, right?

DES: The Revenge of Moore's Law

• Moore's Law: Computer power doubles every 18 months.

• Each bit = factor of two

• So to break N more bits in key, wait 18N months = 1.5N years

• But DES was developed 30 years (20 bits) ago

• Blaze, Diffie, Rivest, Schneier, et al. (1996) – 56 bits is no longer enough!

DES: The Revenge of Moore's Law• With parallel computing, you can “buy” more bits

– First computer tries keys 0 .. 228-1– Second computer tries keys 228..256-1– Of course, we have more than two computers (like our

48-node Beowulf cluster)!

• Alternatives: 3DES (168 bits), Blowfish (448 bits),

Skipjack / Clipper (80 bits) – declassified 1998

Symmetric Key Crypto: General Issues• Problem: How do Alice and Bob share a

key?– Alice sends key to Bob (but Eve sees it!)– Alice and Bob meet in secret

(inconvenient; impractical)

– Alice has her key KA ; Bob has his K

B ; and they

send the message M back and forth; e.g.:• K

A = 3

• KB = 5

• M = 4

• Encrypt = *

• Decrypt = /

Symmetric Crypto without Key Sharing

A: 4*3 B12


A: 4*3 B: 12*512


A: 4*3 B: 12*512

60


A: 4*3 B: 12*512

60A: 60/3


A: 4*3 B: 12*512

60A: 60/3

20

60


A: 4*3 B: 12*512

60A: 60/3

B: 20/520

60


A: 4*3 B: 12*512

60A: 60/3

B: 20/520

60

4

Symmetric Crypto without Key Sharing• Of course...

– Keys are more complicated than 3, 5– Functions are more complicated that *, /– E.g., use block ciphers with 3DES, Blowfish,

Skipjack, ...• Sending message three times is inefficient and

may be costly

• Can we avoid sharing secret keys and still send message only once?

The RSA Public-Key Cryptosystem

• Rivest, Shamir, and Adelman, “A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2):120-126, 1978

• Asymmetric encryption algorithm – all senders to a given receiver use the same public key for encryption. Only the receiver has the private decryption key which is very different, but someway related.

Bob and Alice

• PA, SA public and secret keys for Alice

• PB, SB public and secret keys for Bob

PASA

Bob Alice

M MC= PA(M)

The Public and Private Keys1. Select two large primes, p and q. (100 decimal

digits, maybe)2. Compute n = pq3. Let m= (p-1)(q-1)4. Select small positive integer e that shares no

factors with m5. Find d, which is the multiplicative inverse of e,

modulo m (guaranteed to exist)6. Publish the pair P = (e,n) as public key7. Keep secret pair S = (d,n) as private key.

Encoding and Decoding

• Recall P=(e,n), S=(d,n)

• Given message M, interpret as number in range 0 to (n-1).

• Then encoding is P(M) = Me (modulo n) = C

• Decoding is S(C) = Cd (modulo n) = (Me)d = Med = M all done modulo n.

RSA

• Example: p = 5, q = 7, e = 5:– 5 is a good value for d, because

m = (p-1)(q-1) = 4*6 =24 and e*d = 5*5 = 25=1 (mod 24)

– n = 5*7 = 35– To encode message M = 4:

C = M e mod n = 45 mod 35 = 1024 mod 35 = 9

– To decode: M = C d mod n = 95 mod 35 = 59049 mod 35 = 4

RSA• Breaking the code means figuring out private key

d.

• Seems like Eve can do this easily, using algebra:– Make up arbitrary message M– Encode it using Bob's public key (e, n): C = M e mod n– Then solve M = C d mod n• For M = 4, n = 35, e = 5 example:– C = 9– 4 = 9d mod 35

RSA• Problem: Lots of values of d will work:

– 4 = 95 mod 35 = 911 mod 35 = 917 mod 35 = ...

• In fact, Eve must know p and q if she wants to find d

(since Bob used p and q to generate d)

• So the problem becomes factoring n into p*q.

• So Bob uses huge p, q, and gets very huge n.

• This is the “magic” of primes: there is no way other than exhaustive search.

• The encoding function C = M e mod n is a trapdoor : easy to get in, difficult to get out!

What is this based on?

• Note: We make public (e,n), and keep secret d.

• Note that an eavesdropper would only need to factor n, getting p and q and then could find d.

• RSA is based on the fact that we do not have an algorithm that can factor large numbers in any feasible speed. Furthermore there is much evidence suggesting that there can not be such an algorithm.

PGP

• Phil Zimmermann – politically active physicist / computer scientist; wants to make asymmetric (public-key) crypto available to ordinary citizens

• But RSA algorithm runs too slow on 1980's PC's

• Solution : combine symmetric (DES) and

asymmetric (RSA) techniques

PGP: Pretty Good Privacy• Alice uses Bob's public RSA key to encrypt her

secret DES key (small), and DES key to encrypt message (big). Sends both to Bob.

A:DES

A

PubKeyB

M DESA

C1C

2C

3...C

n

PGP

• Bob decrypts Alice's IDEA key using his private RSA key, then the message using A's IDEA key.

B:

PrivKeyB

MDESA

C1C

2C

3...C

n

Secure Socket Layer

Figure 13.12

An SSL Session


40

Computer Science 101 Cryptography Part II. Modern Cryptography Enigma was last mechanical crypto...

Documents

Transcript of Computer Science 101 Cryptography Part II. Modern Cryptography Enigma was last mechanical crypto...